Thursday, August 15, 2013

“…we now know that the NSA’s assertion that it does not “target” U.S. persons is either a lie, or is about to become one. Leaked NSA documents show that in 2011, the NSA changed its “minimization” rules to allow its operatives to search for individual Americans’ communications using their name or other identifying information. Such a change would turn “minimization” into a blanket authority to warrantlessly spy on Americans – in defiance of specific legal restrictions prohibiting this sort of domestic spying. Senator Ron Wyden has said that the law provides the NSA with a loophole potentially allowing “warrantless searches for the phone calls or emails of law-abiding Americans”…”—Forbes website contributor Jennifer Granick

by Larry Geller
I’m amazed that there is not much public outrage over the revelations that ooze from our government’s spy program. At this point, I take it as a given that they have everything written or spoken.
How about this, faithful Gmail users:

People sending email to any of Google's 425 million Gmail users have no "reasonable expectation" that their communications are confidential, the internet giant has said in a court filing.
Consumer Watchdog, the advocacy group that uncovered the filing, called the revelation a "stunning admission." It comes as Google and its peers are under pressure to explain their role in the National Security Agency's (NSA) mass surveillance of US citizens and foreign nationals.
"Google has finally admitted they don't respect privacy," said John Simpson, Consumer Watchdog's privacy project director. "People should take them at their word; if you care about your email correspondents' privacy, don't use Gmail."
[The Guardian, Google: don't expect privacy when sending to Gmail, 8/14/2013]

So the NSA can grab our personal communications, and Google thinks we should expect no privacy when using their service. Is this ok with everyone?
Of course, it’s not just personal “happy birthday” or “cute kitty” correspondence they are collecting. They have lawyer-client communications. Many businesses and corporations send critical, often (supposedly) confidential data over Gmail.
We don’t know if Google also cooperates with foreign governments that may demand our correspondence. Their admission could mean that the technical correspondence of engineers and scientists is exposed to governments and to competitors.
Coincidentally, the IEEE (Institute of Electrical and Electronics Engineers) posted an article for members with details of their conversion of members’ internal mail accounts to Gmail with additional cloud services. Their article (Google Apps Now Available to IEEE Members, 8/14/2013) was posted coincidentally the same day as the above Guardian story.
I’m sure that several people worked long and hard to accomplish the conversion to Gmail, but what have they done? As a concerned member, I posted a comment on that article since the IEEE itself has failed to convey that by using the new system, their users no longer have a "reasonable expectation" that their communications are confidential.
I believe that the organization (and others) should be very concerned, and should consider getting off Google services. In my comment is this hypothetical:

Imagine that Company A is conducting research at an undisclosed laboratory, and an engineer communicates via this Gmail-based system with Company B, also part of the project, that a certain patent for (say) a drone guidance system has been approved. Soon, on a computer monitor in a dark air-conditioned room someplace in Honolulu, the message is flagged because it contains the word “drone.” At that point, one is relying entirely on the honesty of that person (and who knows how many others) not to jump on and profit from the information revealed. Since location data may be included, the secret laboratory is secret no longer.

If there are potentially 4.9 million people capable of viewing anyone’s Gmail correspondence, how can one ever be sure that sensitive data will not be taken and used for personal gain?
The IEEE did not reply to an email I sent on the subject at the time they initially announced the conversion. The Google “no expectation of privacy” revelation is new, so I’m waiting to see if there is any reaction at this time.

Once data is shared, it is out there and cannot be contained
Another snip from the Forbes article:

The Obama Administration repeatedly has assured us that the NSA does not collect the private information of ordinary Americans. Those statements simply are not true. We now know that the agency regularly intercepts and inspects Americans’ phone calls, emails, and other communications, and it shares this information with other federal agencies that use it to investigate drug trafficking and tax evasion.

First, they’re looking at all of the private information they can get hold of in order to determine what part they want. If it is shared with other agencies, then it’s not just the NSA and its contractors who can see it, but anyone those other agencies choose to share data with.
Once data gets loose, it cannot be contained. You can’t stuff it back into the Internet someplace. When set free, it moves around in unpredictable ways.
Imagine what a database of personal information would go for on the black market in India, as an example.